#!/bin/sh -e

. "/usr/libexec/girar/girar-sh-functions"

# Pin the process environment before touching any input: IFS becomes
# exactly space, tab, newline; PATH is limited to the system directories;
# files created from here on get mode 0644 / directories 0755.
# The trailing "x" keeps command substitution from stripping the newline.
IFS="$(printf ' \t\nx')"
IFS="${IFS%x}"
PATH=/sbin:/usr/sbin:/bin:/usr/bin
export IFS PATH
umask 022

# Report a command-line error and terminate.
# Globals:   PROG (read) - program name used as the message prefix
# Arguments: $* - text describing what was wrong with the invocation
# Outputs:   the error text on stderr, the usage synopsis on stdout
# Returns:   does not return; exits with status 1
usage()
{
	printf '%s: %s\n' "$PROG" "$*" >&2
	printf 'usage: %s <NAME> <IDENTITY FILE>\n' "$PROG"
	exit 1
}

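# First positional argument: the short account name. It is later prefixed
# with "git_" and used as a file name under /etc/openssh/authorized_keys,
# so it must be validated strictly.
NAME="$1"
[ -n "$NAME" ] ||
	usage 'not specified: NAME'
shift

# grep tests its input line by line, so a value with an embedded newline
# would be accepted as soon as any single line matched the pattern.
# Reject newlines outright before applying the pattern.
case "$NAME" in
	*'
'*)
		fatal "$NAME: invalid NAME specified" ;;
esac

# LC_ALL=C keeps [a-z] to ASCII lowercase whatever the caller's locale is;
# grep -E replaces the deprecated egrep spelling.
printf %s "$NAME" | LC_ALL=C grep -Eqs '^[a-z][a-z_0-9]+$' ||
	fatal "$NAME: invalid NAME specified"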

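# Second positional argument: path of the file holding the public key.
IDFILE="$1"
[ -n "$IDFILE" ] ||
	usage 'not specified: IDENTITY FILE'
shift

# Canonicalise the path (readlink -e requires every component to exist and
# resolves symlinks). The result goes into a scratch variable first:
# assigning straight to IDFILE would blank it when readlink fails, and the
# error message would then print an empty path. "--" stops a value that
# starts with "-" from being parsed as an option.
resolved_idfile="$(readlink -ev -- "$IDFILE")" ||
	fatal "identity file '$IDFILE' not available"
IDFILE="$resolved_idfile"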

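# Look up the invoking user's passwd entry. getent runs on its own rather
# than in a pipeline with cut: a pipeline reports only the status of its
# last command, so a failed lookup would otherwise go unnoticed here.
passwd_entry="$(getent passwd "$SUDO_USER")" ||
	fatal "sudo user '$SUDO_USER' not found"
SUDO_HOME="$(printf '%s\n' "$passwd_entry" | cut -d: -f6)"

# Canonicalise the home directory and require it to be a directory. The
# resolved value is kept apart until it is known to be good, so the error
# message still shows the path taken from the passwd entry.
resolved_home="$(readlink -ev -- "$SUDO_HOME")" &&
	[ -d "$resolved_home" ] ||
	fatal "sudo user '$SUDO_USER' home directory '$SUDO_HOME' not available"
SUDO_HOME="$resolved_home"

# Confine the identity file to the invoking user's home directory. Both
# paths are canonical at this point. Quoting "$SUDO_HOME" makes the shell
# compare it literally; unquoted, glob characters in the directory name
# would be treated as a pattern and could widen the match.
case "$IDFILE" in
	"$SUDO_HOME"/*) ;;
	*) fatal "identity file '$IDFILE' out of range" ;;
esac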

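# Read the candidate public key.
# NOTE(review): this script appears to run via sudo (it reads SUDO_USER and
# appends under /etc). IDFILE was canonicalised and confined to the
# invoking user's home earlier, but that directory is writable by the user,
# so the file can be replaced (for example by a symlink) between that check
# and this read. The single-line and key-type checks below bound what such
# a swap could get appended; reading the file with the invoking user's
# privileges would close the gap.
IDENTITY=$(cat -- "$IDFILE") ||
	fatal "$IDFILE: error reading identity file"

# The key must be exactly one line: anything more would add further,
# unrestricted entries to the authorized keys file. printf is used instead
# of echo throughout, because some sh implementations let echo expand
# backslash escapes, which could turn one validated line into several.
line_count="$(printf '%s\n' "$IDENTITY" | awk 'END { print NR }')"
[ "$line_count" = 1 ] ||
	fatal "$IDFILE: invalid identity file"

# Accept only the two supported key types, and require the type to be a
# complete word followed by key material; a bare 7-character prefix test
# would also accept e.g. "ssh-rsaXYZ".
# NOTE(review): ssh-dss (DSA) keys are disabled by default in OpenSSH 7.0
# and later; confirm whether they should still be accepted here.
case "$IDENTITY" in
	'ssh-dss '?*|'ssh-rsa '?*) ;;
	*) fatal "$IDFILE: invalid identity file: unrecognized type" ;;
esac

# The account must already exist: this script only appends to an existing
# authorized keys file, it never creates one.
IT_NAME="git_$NAME"
AUTH="/etc/openssh/authorized_keys/$IT_NAME"
[ -e "$AUTH" ] ||
	fatal "error changing $NAME: authorized keys file '$AUTH' doesn't exist"

# Append the key with forwarding disabled.
# NOTE(review): OpenSSH 7.2 and later offer the "restrict" option, which
# also covers restrictions such as no-pty; confirm whether it fits here.
printf '%s\n' "no-port-forwarding,no-X11-forwarding,no-agent-forwarding $IDENTITY" >>"$AUTH" ||
	fatal "error creating authorized keys file '$AUTH' for user $IT_NAME"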
